
noahdfear

Trusted Malware Techs
  • Content Count: 336
Everything posted by noahdfear

  1. I'm not seeing anything in your logs that identifies the source of the error messages. Please describe them in more detail. Download GMER. Right-click and extract it to its own folder on the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’. Click on Scan. When the scan has completed, click Copy and paste the results (if any) into this topic.
  2. Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As Type: All Files (*.*) http://forums.pcpitstop.com/index.php?s=&showtopic=163356&view=findpost&p=1552177 Collect::[22] c:\windows\system32\drivers\xsqatwof.sys File:: c:\windows\system32\drivers\Ndisprot.sys Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a989412-8707-11db-ad69-000ea65e656a}] Close all oth
  3. Please run DDS again as described in post #2 then post the new log here.
  4. Kaspersky is about the best online scanner available, in my experience. I would say you're safe in removing all restore points and creating a new one. Don't worry ..... be happy. LOL
  5. 512 is a minimal amount of memory for XP, and when you start adding programs running too, you're barely scraping by. The RAM may also be on the weak side too. If at all possible, I would recommend you try adding more memory.
  6. Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As Type: All Files (*.*) File:: c:\documents and settings\AJ\Desktop\RohanBotEn1.0.2\NtProcDrv.sys c:\windows\system32\f12da82.dll c:\windows\system32\1dcf9f62.dll c:\windows\system32\drivers\EagleNt.sys c:\windows\system32\2bf2a34a.dll c:\windows\system32\15d14f90.dll c:\windows\system32\wcdrtc32.dl_ c:\windows\system32\KFUeevI8.exe c:\windows\system32\Wh33B63f.exe c:\w
  7. You've definitely still got some nasties on board. Let's get them cleaned out. Please visit the following webpage for instructions for downloading and running ComboFix How to use ComboFix Download ComboFix by sUBs from here, saving the file to your desktop. Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs. Close all open programs and windows Double click ComboFix.exe and follow the prompts. It may reboot your computer and resume running when you logon. Wait for it to complete. When finish
  8. Did you redo the Kaspersky scan as suggested? I would really like to know that it still reports clean. Remove the quarantine items via the MBAM interface>Quarantine. Hold off on clearing the restore points till verifying with Kaspersky that the system is clean.
  9. Hi tntroy61, Your log appears clean. That message basically tells you that your applications are trying to use more RAM than available, and it is increasing the amount of disk space available to store some of the data in RAM that it deems 'less important', allowing the 'more important' data to be processed through the faster RAM. Leo has a pretty good simplistic explanation here. How much memory is installed?
  10. Your log appears clean. If you want to double check, I suggest an online scan. Instructions follow if you want to. Do an online scan with Kaspersky Online Scanner Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it wil
  11. Did you install this? Desktop\RohanBotEn1.0.2\NtProcDrv.sys Did you also install HackShield?
  12. Hi strgazr04, MyWay is really just a pesky adware, meaning ad supported software. Use it, see ads. Did you by chance try uninstalling it via the Programs And Features applet in the Control Panel?
  13. Thank you. First, please open MBAM and select the Logs tab. Select the most recent scan and click View, then copy and post that log here. If there are several recent logs, post them all. Next, visit the following webpage for instructions for downloading and running ComboFix How to use ComboFix Download ComboFix by sUBs from here, saving the file to your desktop. Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs. Close all open programs and windows Double click ComboFix.exe and f
  14. Please describe to us why you're posting a log. What symptoms or problems are you experiencing? This sort of information can be very important for us knowing what steps to take.
  15. Hi Mr Brightside, I sure would be interested in seeing what MBAM removed. Please see if it's still working after the system restore operation. If so, click the Logs tab and if there's a log present, select it then click View. Post its contents here. System Restore will roll back a number of things, but it generally will not remove rogue files that have been dropped, so let's run a scan tool that might show us if any are present. Please download DDS and save it to your desktop. Disable any script blocking protection Double click dds.scr to run the tool. When done, DDS will open two (
  16. Hi Loothawk, A bit more information would be helpful here. Log, please help me doesn't tell us much. Please download DDS and save it to your desktop. Disable any script blocking protection Double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop. Please include the contents of the following in your next reply: DDS.txt I may ask for the Attach.txt log later, so keep it handy.
  17. Just noticed your edit RE: Java. I recommend you uninstall all versions of Java listed in Add/Remove program then reboot. Next, go here and install the latest version.
  18. Great! Now open MBAM and remove any items quarantined. Do the same with your resident antivirus. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well. Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. You can delete any other logs that were created/saved too. Glad I could help Kieron. Merry Christmas to you also. Surf safe!
  19. Let's make sure something hasn't been missed. Please do an online scan with Kaspersky Online Scanner Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an
  20. That's a good sign Kieron. PC seem to be behaving properly? If so, I think we're done here.
  21. Couple of very strange values in those keys. Since we have backups, let's nuke em. Highlight and copy the contents of the code box below. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_Dlls /f reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DriveConfiguration /f reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v LegacyDrive /f exit cls Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on i
  22. Great! If everything appears to be working properly I'd say you're good to go.